Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Michelangelo van Dam:
Compile PHP 7 on Mac OS X 10.11 "El Capitain"
Jul 19, 2016 @ 09:34:33

In a new post to his site Michelangelo van Dam has posted a guide to compiling PHP 7 on OSX "El Capitan", the latest release of the popular Apple operating system.

Apple has made a numerous changes to the way OS X (10.11) "El Capitain" uses open source elements like PHP and OpenSSL. Compiling PHP from source requires a bit more modifications.

This article is a follow-up on my previous post <a href='http://www.dragonbe.com/2015/12/installing-php-7-with-xdebug-apache-and.html">Installing PHP 7 with XDebug, Apache and MySQL on OS X Yosemite.

He then provides the commands and configuration information you'll need to get things up and running:

  • OpenSSL
  • PHP 7
  • Apache

The end result is a simple PHP 7 installation with plenty of features installed.

tagged: compile php7 mac osx elcapitan openssl apache

Link: http://www.dragonbe.com/2016/07/compile-php-7-on-mac-os-x-1011-el.html

Thijs Feryn:
What are Type Errors in PHP 7?
Jul 15, 2016 @ 09:58:19

In a new post to his site Thijs Feryn has shared an overview of the different types of type errors that can pop up in PHP 7. This includes both a text-based and video based versions depending on your preference.

PHP 7 has a concept called Type Errors. These errors are thrown on a type mismatch when interacting with functions. They can be caught just like exceptions. I created a video that explains the situation. This blog post goes into more detail and has some code examples.

The post gets into the details of the type errors including topics like:

  • new type hints that were introduced
  • how you can manually throw type errors
  • when PHP itself would throw the errors
  • type coercion

There's also a brief section about strict typing and how that changes what errors PHP might throw in your scripts.

tagged: type error php7 introduction overview video tutorial

Link: https://blog.feryn.eu/type-errors-php-7/

Paragon Initiative:
Securing a PHP Application in 2016: The Pocket Guide
Jul 11, 2016 @ 12:45:11

The Paragon Initiative has posted a new tutorial giving you a pocket guide version to securing your PHP application in 2016.

Please set aside most of what you've heard over the years; chances are, most of it just muddies the water. Security is not a product. Security is not a checklist. Security is not an absolute.

Security is a process. Security is an emergent property of a mature mindset in the face of risk.

Perfect security is not possible, but attackers do have budgets. If you raise the cost of attacking a system (your application or the networking infrastructure it depends on) so high that the entities that would be interested in defeating your security are incredibly unlikely to succeed, you'll be incredibly unlikely to be compromised.

The post talks about the "essence of security" and how most prevention methods don't even add much processing overhead or overall development time. He makes four recommendations of things to do in current and future development to help secure your applications:

  • Use PHP 7 in All New Development
  • Use HTTPS Everywhere
  • Use Security Headers
  • Use Trustworthy Reference Material

The post ends with a few other things to think about when building secure applications including raising the "cost" of attacking your system and keeping in mind that your platform may not be the attacker's "end game".

tagged: paragoninitiative secure application pocket guide top4 php7 https headers references

Link: https://paragonie.com/blog/2016/07/securing-php-application-in-2016-pocket-guide

PHP.net:
PHP 7.1.0 Alpha 3 Released
Jul 08, 2016 @ 12:57:39

The PHP development group has officially announced the release of the latest alpha in the PHP 7.1.x series: PHP 7.1.0 Alpha 3. This is a preview release and should not be used for production applications.

The PHP development team announces the immediate availability of PHP 7.1.0 Alpha 3. This release is the last alpha for 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

This release includes new features including an Iterable type, HTTP/2 server push support, creating closures from callables and more precise float values. You can see the full list of additions and changes in the NEWS and UPGRADING files. If you're interested in trying out this latest alpha, you can get the latest source release from here and the Windows binaries here.

tagged: language release alpha php7 preview development

Link: http://php.net/index.php#id2016-07-07-1

PHP.net:
PHP 7.1.0 Alpha 2 Released
Jun 28, 2016 @ 11:51:17

The PHP development group has officially released the latest alpha in the PHP 7.1.x series of releases. This is an alpha release and is not intended for production use.

The PHP development team announces the immediate availability of PHP 7.1.0 Alpha 2. This is the second alpha release for PHP 7.1.0. All users of PHP are encouraged to test this version carefully, and report any bugs and incompatibilities in the bug tracking system.

[...] For more information on the new features and other changes, you can read the NEWS file, or the UPGRADING file for a complete list of upgrading notes. These files can also be found in the release archive.

You can get this latest alpha release for testing on your own systems from the QA downloads page (for source) and the Windows QA site for the Windows binaries.

tagged: language release php7 alpha alpha2 preview

Link: http://php.net/index.php#id2016-06-24-1

PHP.net:
PHP 7.0.8, 5.6.23 & 5.5.37 Released
Jun 24, 2016 @ 12:15:55

The PHP development group has released the latest updates to all currently supported versions of PHP including several security fixes discovered. These latest versions are:

The PHP development team announces the immediate availability of PHP [5.5.37, 5.6.23 and 7.0.8]. This is a security release, several security bugs were fixed. All PHP [...] users are encouraged to upgrade to this version.

As always, you can get the latest source release as linked to from the main downloads page and the Windows binaries from the windows.php.net site. The full list of files can be found in the version's related Changelog.

tagged: language release bugfix security php55 php56 php7

Link: http://php.net/archive/2016.php#id2016-06-23-3

Three Devs & A Maybe:
Episode 97 - RFC Showdown for PHP 7.1 with Joe Watkins
May 12, 2016 @ 09:17:18

The Three Devs and a Maybe podcast has released their latest episode (#97) where hosts Michael Budd, Fraser Hart, Lewis Cains and Edd Mann are joined by internals developer Joe Watkins to talk about PHP RFCs targeted for PHP 7.1.

In this episode we are joined by Joe Watkins to discuss the many RFC’s that are in contention to be approved for PHP 7.1. We start off with a congratulations to Joe for his first PHP Release Manager position, highlighting what the role entails and how it is going. We then discuss the RFC process and how there has been a lot of activity over the past couple of weeks within this space.

The concept of ‘Null’ is the first group of RFC’s we discuss, followed by union/intersection types and the pipe operator. We then move on to chat about short closure syntax, functional interfaces and lexical scope within anonymous classes. Finally, we bring up the comparable RFC which has been around for many years and the benefits of having attributes within the language.

In the show notes they have links to all of the RFCs mentioned in the episode (there's lots of them) for your easy reference. You can listen to this latest episode either through the in-page audio player or by downloading the mp3 directly. If you enjoy the show, be sure to subscribe to their feed too.

tagged: threedevsandamaybe ep97 podcast joewatkins rfc php7 showdown

Link: http://threedevsandamaybe.com/rfc-showdown-for-php-7-1-with-joe-watkins/

Mark Baker:
In Search of an Anonymous Class Factory
May 03, 2016 @ 10:49:25

In a new post to his site Mark Baker take a look at anonymous classes, a new feature in PHP 7, and a challenge he took on to figure out how to apply traits to them at runtime.

One of the more interesting new features introduced to PHP with the arrival of version 7 is Anonymous Classes. [...] Then back in January (as I was waiting for my flight to the continent for PHPBenelux) I was intrigued by a request to find a way of dynamically applying Traits to a class at run-time. With time on my hands as I was sitting in the airport, I considered the problem.

His first idea was to build an anonymous class, extending the requested class that would come along with the traits/properties/functionality of the original class. He includes some of the code he tried to implement this solution and ultimately figured out that a factory would be a good approach to creating the structure. After doing some research he found a way to create the factory using some eval magic. However, this wasn't "the end of the story" as he found out some other interesting things about anonymous classes (such as the fact that they're linked to only one instance of a class, making them less reusable).

tagged: anonymous class php7 factory eval example

Link: https://markbakeruk.net/2016/05/03/in-search-of-an-anonymous-class-factory/

Viva64.com:
Analysis of PHP7
Apr 29, 2016 @ 12:15:56

On the Viva64.com site they've posted the results of their own evaluation of PHP 7 in terms of both the source of the language itself and the libraries it makes use of.

Sometimes checking a project one more time can be quite amusing. It helps to see which errors were fixed, and which ones got into the code since the time it was last checked. My colleague has already written an article about PHP analysis. As there was a new version released, I decided to check the source code of the interpreter once again, and I wasn't disappointed - the project had a lot of interesting fragments to look at.

They start with a brief look at PHP 7 including when it was released, some of the features/functionality included and the tool they used to do the analysis. They talk about some of the difficulties in the analysis process and how the widespread user of macros tripped it up a bit. They includes some code examples from PHP's source and the warnings that their PVS-Studio returned. The post ends with a brief look at the third-party libraries PHP uses and the responsibility the project takes in including them.

tagged: php7 analysis language source scanner pvsstudio results

Link: http://www.viva64.com/en/b/0392/#ID0EWECK

PHP.net:
PHP 5.5.35, 5.6.21 and 7.0.6 Released
Apr 29, 2016 @ 08:29:36

On the main PHP.net site they've announced the latest releases of all currently supported versions of the language: PHP 5.5.35, 5.6.21 and 7.0.6. These are bugfix released with, among several others, security related corrections.

The PHP development team announces the immediate availability of PHP [5.5.35, 5.6.21 and 7.0.6]. This is a security release. Several security bugs were fixed in this release.

The PHP 7 release fixes two newly identified vulnerabilities: CVE-2016-3078 (Zip handling) and CVE-2016-3074 (GD functionality). As these are security releases it is highly recommended that you upgrade your current installations as soon as possible. You can get these latest versions from the main PHP.net downloads page or from windows.php.net for the Windows binaries.

tagged: language release bugfix security php55 php56 php7

Link: http://php.net